Homeassistant
This hub aggregates every CVE we track for Homeassistant, a product in the oss libraries space. Use it to gauge the current risk picture and drill into individual advisories.
5
CVEs tracked
0
Critical
2
High
0
In CISA KEV
Severity distribution
MEDIUM3HIGH2
Monthly trend
0
0
0
0
0
0
0
1
0
0
0
0
0
0
0
0
0
1
0
0
0
0
0
0
2024-072026-06
Latest CVEs
The 5 most recently published vulnerabilities affecting Homeassistant.
- CVE-2025-65713Home Assistant Core before v2025.8.0 is vulnerable to Directory Traversal. The Downloader integration does not fully validate file paths during concatenation, leaving a path traversal vulnerability.4.0
- CVE-2025-25305SSL validation for outgoing requests in Home Assistant Core and used libs not correct7.0
- CVE-2023-50715User accounts disclosed to unauthenticated actors on the LAN4.3
- CVE-2023-41893Account takeover via auth_callback login in Home Assistant Core4.3
- CVE-2018-21019Home Assistant before 0.67.0 was vulnerable to an information disclosure that allowed an unauthenticated attacker to read the application's error log via components/api.py.7.5
Product normalization is registry-driven with AI assist and human review. How it works